linux/drivers/gpu/drm
Chris Wilson 0ce907f891 drm/i915: Prevent use of uninitialized pointers along error path.
X.org hang with [drm:i915_gem_do_execbuffer] *ERROR* in dmesg
  http://bugzilla.kernel.org/show_bug.cgi?id=15114

Matej found he was hitting an error path within i915_gem_do_execbuffer()
that led to the attempt to dereference an uninitialised pointer during
cleanup. This path used to be safe as we used to calloc the object
lists, but this was changed in c8e0f93. Daniel Vetter had also spotted
this error and proposed a similar patch.

[ 6379.732892] [drm:i915_gem_do_execbuffer] *ERROR* Object ffff880098cd6540 appears more than once in object list
[ 6379.740976] [drm:i915_gem_do_execbuffer] *ERROR* Object ffff880098cd6540 appears more than once in object list
[ 6379.740995] BUG: unable to handle kernel NULL pointer dereference at 00000000000000a0
[ 6379.740998] IP: [<ffffffff8122ddb5>] i915_gem_do_execbuffer+0xba5/0x1260
[ 6379.741006] PGD babab067 PUD bb435067 PMD 0
[ 6379.741010] Oops: 0002 [#1] PREEMPT SMP
[ 6379.741014] last sysfs file: /sys/devices/pci0000:00/0000:00:1c.2/0000:06:00.0/ieee80211/phy0/rfkill0/state
[ 6379.741017] CPU 1
[ 6379.741021] Pid: 2186, comm: X Not tainted 2.6.33-rc4-00399-g24bc734 #142 M11D/ESPRIMO Mobile M9400
[ 6379.741023] RIP: 0010:[<ffffffff8122ddb5>] [<ffffffff8122ddb5>] i915_gem_do_execbuffer+0xba5/0x1260
[ 6379.741027] RSP: 0018:ffff8800b9047b78  EFLAGS: 00213206
[ 6379.741029] RAX: 0000000000000000 RBX: 000000000000004f RCX: ffff880098cac800
[ 6379.741032] RDX: ffff880098caca78 RSI: ffff8800b9047c98 RDI: ffff880098cd6540
[ 6379.741034] RBP: ffff8800b9047c78 R08: ffffffff814b96b5 R09: 0000000000000006
[ 6379.741036] R10: 0000000000000000 R11: 0000000000000003 R12: 000000000000004e
[ 6379.741038] R13: 00000000fffffff7 R14: 0000000000000000 R15: 0000000000000001
[ 6379.741041] FS:  0000000000000000(0000) GS:ffff880001900000(0063) knlGS:00000000f72636c0
[ 6379.741043] CS:  0010 DS: 002b ES: 002b CR0: 0000000080050033
[ 6379.741045] CR2: 00000000000000a0 CR3: 00000000b9000000 CR4: 00000000000006e0
[ 6379.741048] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 6379.741050] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[ 6379.741052] Process X (pid: 2186, threadinfo ffff8800b9046000, task ffff8800bb5d8000)
[ 6379.741054] Stack:
[ 6379.741055]  ffffc90023f57000 ffffc90023f56fff ffffc90023f56fff ffffc90023f55000
[ 6379.741059] <0> ffff8800b9047c98 ffff8800bb43c840 ffff8800bf1de800 ffff8800bf1de820
[ 6379.741063] <0> ffff8800b9047bd8 ffff880098cac800 0000000000000000 0000000000000002
[ 6379.741068] Call Trace:
[ 6379.741072]  [<ffffffff8122e6cb>] ?  i915_gem_execbuffer+0x6b/0x370
[ 6379.741077]  [<ffffffff810a5f52>] ? __vmalloc_node+0xa2/0xb0
[ 6379.741080]  [<ffffffff8122e6cb>] ?  i915_gem_execbuffer+0x6b/0x370
[ 6379.741083]  [<ffffffff8122e816>] i915_gem_execbuffer+0x1b6/0x370
[ 6379.741086]  [<ffffffff8120cd55>] drm_ioctl+0x1d5/0x460
[ 6379.741089]  [<ffffffff8122e660>] ?  i915_gem_execbuffer+0x0/0x370
[ 6379.741093]  [<ffffffff81248c35>] i915_compat_ioctl+0x45/0x50
[ 6379.741097]  [<ffffffff810f1659>] compat_sys_ioctl+0xa9/0x1570
[ 6379.741102]  [<ffffffff810b1d5c>] ? vfs_read+0x13c/0x1a0
[ 6379.741106]  [<ffffffff81028424>] sysenter_dispatch+0x7/0x2b
[ 6379.741108] Code: 08 85 c0 74 52 31 db 0f 1f 80 00 00 00 00 48 63 c3 48 8b
8d 68 ff ff ff 48 8d 14 c1 48 8b 02 48 85 c0 74 25 48 8b 80 80 00 00 00 <c7> 80
a0 00 00 00 00 00 00 00 48 8b 3a 48 85 ff 74 0c 48 c7 c6
[ 6379.741142] RIP  [<ffffffff8122ddb5>] i915_gem_do_execbuffer+0xba5/0x1260
[ 6379.741145]  RSP <ffff8800b9047b78>
[ 6379.741147] CR2: 00000000000000a0
[ 6379.741159] ---[ end trace 0598809afa4c31db ]---

Reported-by: Matej Laitl <strohel@gmail.com>
Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>
Signed-off-by: Eric Anholt <eric@anholt.net>
2010-01-25 09:00:38 -08:00
i2c drm/i2c/ch7006: Fix load detection false positives right after system init. 2009-12-16 17:04:45 +10:00
i810 drm: convert drm_ioctl to unlocked_ioctl 2009-12-18 11:22:31 +10:00
i830 drm: convert drm_ioctl to unlocked_ioctl 2009-12-18 11:22:31 +10:00
i915 drm/i915: Prevent use of uninitialized pointers along error path. 2010-01-25 09:00:38 -08:00
mga drm: convert drm_ioctl to unlocked_ioctl 2009-12-18 11:22:31 +10:00
nouveau drm/nv04: Fix set_operation software method. 2010-01-11 14:41:19 +10:00
r128 drm: convert drm_ioctl to unlocked_ioctl 2009-12-18 11:22:31 +10:00
radeon Merge branch 'drm-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/airlied/drm-2.6 2010-01-13 16:13:57 -08:00
savage drm: convert drm_ioctl to unlocked_ioctl 2009-12-18 11:22:31 +10:00
sis drm: convert drm_ioctl to unlocked_ioctl 2009-12-18 11:22:31 +10:00
tdfx drm: convert drm_ioctl to unlocked_ioctl 2009-12-18 11:22:31 +10:00
ttm Merge branch 'drm-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/airlied/drm-2.6 2009-12-16 10:30:17 -08:00
via drm: convert drm_ioctl to unlocked_ioctl 2009-12-18 11:22:31 +10:00
vmwgfx drm/vmwgfx: Use TTM handles instead of SIDs as user-space surface handles. 2009-12-23 10:06:24 +10:00
ati_pcigart.c drm: remove address mask param for drm_pci_alloc() 2010-01-07 13:15:50 +10:00
drm_agpsupport.c agp: switch AGP to use page array instead of unsigned long array 2009-06-19 10:21:42 +10:00
drm_auth.c drm: Remove memory debugging infrastructure. 2009-06-18 13:00:33 -07:00
drm_bufs.c drm: remove address mask param for drm_pci_alloc() 2010-01-07 13:15:50 +10:00
drm_cache.c drm: fix drm_cache.c for arch with no support. 2009-09-02 09:41:13 +10:00
drm_context.c drm: Remove memory debugging infrastructure. 2009-06-18 13:00:33 -07:00
drm_crtc_helper.c drm: change drm set mode messages as DRM_DEBUG 2010-01-13 16:16:05 +10:00
drm_crtc.c Merge branch 'drm-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/airlied/drm-2.6 2010-01-11 09:46:20 -08:00
drm_debugfs.c drm: drm_debugfs, check kmalloc retval 2009-07-15 15:55:37 +10:00
drm_dma.c drm: Remove memory debugging infrastructure. 2009-06-18 13:00:33 -07:00
drm_dp_i2c_helper.c Merge remote branch 'anholt/drm-intel-next' into drm-linus 2009-12-08 14:03:47 +10:00
drm_drawable.c drm: Remove memory debugging infrastructure. 2009-06-18 13:00:33 -07:00
drm_drv.c drm: convert drm_ioctl to unlocked_ioctl 2009-12-18 11:22:31 +10:00
drm_edid.c drm/edid: Fix CVT width/height decode 2010-01-07 13:18:04 +10:00
drm_encoder_slave.c drm: fixup include file in drm_encoder_slave 2009-08-13 13:31:54 +10:00
drm_fb_helper.c drm/kms/fb: check for depth changes from userspace for resizing. 2010-01-11 14:36:09 +10:00
drm_fops.c drm: Add support for drm master_[set|drop] callbacks. 2009-12-04 08:55:46 +10:00
drm_gem.c drm: make sure page protections are updated after changing vm_flags 2009-11-24 13:02:30 +10:00
drm_hashtab.c drm: Remove memory debugging infrastructure. 2009-06-18 13:00:33 -07:00
drm_info.c drm: merge Linux master into HEAD 2009-03-28 20:22:18 -04:00
drm_ioc32.c drm: convert drm_ioctl to unlocked_ioctl 2009-12-18 11:22:31 +10:00
drm_ioctl.c drm: Remove memory debugging infrastructure. 2009-06-18 13:00:33 -07:00
drm_irq.c drm: Avoid calling vblank function is vblank wasn't initialized 2010-01-08 13:12:09 +10:00
drm_lock.c drm: Avoid client deadlocks when the master disappears. 2009-03-03 09:50:20 +10:00
drm_memory.c agp: switch AGP to use page array instead of unsigned long array 2009-06-19 10:21:42 +10:00
drm_mm.c drm/mm: fix logic for selection of best fit block 2009-12-23 10:08:08 +10:00
drm_modes.c lib: Introduce generic list_sort function 2010-01-12 21:02:00 -08:00
drm_pci.c drm: remove address mask param for drm_pci_alloc() 2010-01-07 13:15:50 +10:00
drm_proc.c drm: use proc_create_data() 2009-08-31 09:37:22 +10:00
drm_scatter.c drm: Remove memory debugging infrastructure. 2009-06-18 13:00:33 -07:00
drm_sman.c drm: Remove memory debugging infrastructure. 2009-06-18 13:00:33 -07:00
drm_stub.c drm: Export symbols needed for the vmwgfx driver. 2009-12-07 15:22:08 +10:00
drm_sysfs.c Merge branch 'drm-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/airlied/drm-2.6 2009-09-21 08:10:09 -07:00
drm_vm.c const: mark struct vm_struct_operations 2009-09-27 11:39:25 -07:00
Kconfig drm/i915: Select CONFIG_SHMEM 2009-11-25 12:27:42 -08:00
Makefile Merge remote branch 'korg/drm-vmware-staging' into drm-core-next 2009-12-18 09:53:50 +10:00
README.drm

************************************************************
* For the very latest on DRI development, please see:      *
*     http://dri.freedesktop.org/                          *
************************************************************

The Direct Rendering Manager (drm) is a device-independent kernel-level
device driver that provides support for the XFree86 Direct Rendering
Infrastructure (DRI).

The DRM supports the Direct Rendering Infrastructure (DRI) in four major
ways:

    1. The DRM provides synchronized access to the graphics hardware via
       the use of an optimized two-tiered lock.

    2. The DRM enforces the DRI security policy for access to the graphics
       hardware by only allowing authenticated X11 clients access to
       restricted regions of memory.

    3. The DRM provides a generic DMA engine, complete with multiple
       queues and the ability to detect the need for an OpenGL context
       switch.

    4. The DRM is extensible via the use of small device-specific modules
       that rely extensively on the API exported by the DRM module.


Documentation on the DRI is available from:
    http://dri.freedesktop.org/wiki/Documentation
    http://sourceforge.net/project/showfiles.php?group_id=387
    http://dri.sourceforge.net/doc/

For specific information about kernel-level support, see:

    The Direct Rendering Manager, Kernel Support for the Direct Rendering
    Infrastructure
    http://dri.sourceforge.net/doc/drm_low_level.html

    Hardware Locking for the Direct Rendering Infrastructure
    http://dri.sourceforge.net/doc/hardware_locking_low_level.html

    A Security Analysis of the Direct Rendering Infrastructure
    http://dri.sourceforge.net/doc/security_low_level.html